fix: improve memory management in FFI progress callbacks

PastaPastaPasta · PastaPastaPasta · commit 2aa843e906cf · 2025-11-06T12:07:41.000-06:00
This commit enhances memory management in the FFI layer by ensuring that the stage_message is properly moved out of the FFIDetailedSyncProgress struct before destruction. This change prevents potential double-free issues and ensures that heap-allocated strings are correctly freed, addressing memory leak concerns during progress callbacks.
diff --git a/dash-spv-ffi/src/client.rs b/dash-spv-ffi/src/client.rs
@@ -812,8 +812,8 @@ pub unsafe extern "C" fn dash_spv_ffi_client_sync_to_tip_with_progress(
                                         SyncStage::Complete | SyncStage::Failed(_)
                                     );
 
-                                    // Create FFI progress
-                                    let ffi_progress = Box::new(FFIDetailedSyncProgress::from(progress));
+                                    // Create FFI progress (stack-allocated to avoid double-free issues)
+                                    let mut ffi_progress = FFIDetailedSyncProgress::from(progress);
 
                                     // Call the callback using the registry
                                     {
@@ -830,13 +830,24 @@ pub unsafe extern "C" fn dash_spv_ffi_client_sync_to_tip_with_progress(
                                                 // SAFETY: The callback and user_data are safely stored in the registry
                                                 // and accessed through thread-safe mechanisms. The registry ensures
                                                 // proper lifetime management without raw pointer passing across threads.
-                                                callback(ffi_progress.as_ref(), *user_data);
+                                                callback(&ffi_progress, *user_data);
 
                                                 // Free any heap-allocated strings inside the progress struct
                                                 // to avoid leaking per-callback allocations (e.g., stage_message).
+                                                // Move stage_message out of the struct to avoid double-free.
                                                 unsafe {
+                                                    // Move stage_message out of the struct (not using ptr::read to avoid double-free)
+                                                    let stage_message = std::mem::replace(
+                                                        &mut ffi_progress.stage_message,
+                                                        crate::types::FFIString {
+                                                            ptr: std::ptr::null_mut(),
+                                                            length: 0,
+                                                        },
+                                                    );
                                                     // Destroy stage_message allocated in FFIDetailedSyncProgress::from
-                                                    crate::types::dash_spv_ffi_string_destroy(std::ptr::read(&ffi_progress.stage_message));
+                                                    crate::types::dash_spv_ffi_string_destroy(stage_message);
+                                                    // Prevent Drop from running on the struct to avoid re-freeing
+                                                    std::mem::forget(ffi_progress);
                                                 }
                                             }
                                         }
